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DETAILED ACTION 

1 . This communication is a second Office Action Non-Final rejection on the merits. 
Claims 4 and 8 have been cancelled. Claim 1 has been amended. Claims 9-12 have 
been added. Claims 1-3, 5-7, and 9-12 are pending and have been considered below. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-3, 5-7, and 9-12 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hodgson et al. (2002/0123972) in view of King (7,249,093). 

As per claim 1, Hodgson et al. discloses a system for making a purchase 
transaction by PIN purchasing over the Internet comprising (see Abstract): 

a merchant's check out web page on a merchant server for a buyer to make a 
purchase from the buyer's browser (page 3, paragraph 0035; via Internet merchant 
server 20 and a merchant web site is browsed by a user who initiates a secure payment 
transaction); 

means for the buyer selecting PIN purchase as a payment method and for 
entering a debit card number (Figure 6; page 7, paragraph 0092; via choosing credit or 
debit and manual entry of a credit card number); 
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an Internet authorization server to which the merchant system re-directs said 
buyer's browser and to which the merchant system passes along a unique transaction id 
coupled to said transaction (page 3, paragraphs 0028-0029, via transmitting FP block to 
Secure Transaction Management Server, STMS; page 8, paragraph 0108, via 
merchant/consumer tracking number assigned to track consumer's order) ; 

means for said Internet authorization server using a unique session key (page 7, 
paragraph 0100, via Data Encryption session key); 

an input device for the buyer to enters a PIN (input device 1114); 

means for encrypting said using said unique session key (page 7, paragraph 
0100, via RSA public key encryption with DES session key); 

a host security module to which said Internet authorization server passes said 
encrypted PIN, said host security module generating an encrypted ANSI PIN block 
(Figure 1 ; page 3, paragraphs 0026-0030; via Hardware Security Module deencrypts 
and reencrypts the PIN block); 

means for said ANSI PIN block passing back to said Internet authorization server 
(Figure 1 , via connection between HSM and STMS); 

means for said Internet authorization server returning control of said buyer's 
browser to said merchant server and passing along said unique transaction id (page 6, 
paragraphs 0084-0085, via "AUTH" response sent to consumer's PC; page 8, 
paragraph 0108, via merchant/consumer tracking number); 

a payment request based on contents of a shopping cart and said payment 
method, wherein said payment request is created by said merchant server (page 3, 
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paragraph 0033, via after the consumer has filled their shopping cart, a secure payment 
is initiated and a script is sent from the merchant web site to the consumer's browser); 

an Internet payments server to which said merchant server sends said payment 
request, wherein said Internet payments server determines said payment type and 
formats a payment authorization request (page 3, paragraphs 0028-0029, via FP block 
containing transaction information is sent to STMS, where a transaction request is sent 
to the payment processor); 

an ATM/POS system to which said payment authorization request is routed, 
wherein said ATM/POS system takes said encrypted ANSI PIN block passed along with 
said payment request and routes said ANSI PIN block through a second host secure 
module to be decrypted and translated (page 5, paragraph 0061 , via STMS forwards 
payment transaction to a POS transaction processor that has an HSM which can 
decrypt data sent by the HSM attached to the STMS); 

a data deposit account system wherein if said transaction is an on-us transaction, 
then said ATM/POS system validates said PIN and passes a transaction amount 
coupled to said transaction to said associated data deposit account system for 
authorization (Figure 12; via connections to STAR 1240 and NYCE 1250, which are 
ATM groups); 

a network coupled to the buyer's issuing financial institution, wherein if said 
transaction is an off-us transaction, then said authorization request is routed to said 
network to be further routed to said buyer's issuing financial institution (Figure 12; via 
connections to VISA 1220 and Mastercard 1230, which connects to issuing bank); 
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means for passing back to said ATM/POS system and finally back to said 
merchant server an authorization approval or denial (page 6, paragraph 0081 , via POS 
processor obtains "AUTH" response from issuing bank and passes it to the STMS). 

However, Hodgson et al. fails to expressly disclose displaying a secure PIN pad 
screen. 

King teaches a method and system for making purchases over a computer 
network that displays a secure PIN pad screen (Figure 3; col. 5, lines 30-40, via GUI 
allows consumer to use mouse to input PIN number). 

From this teaching of King, it would have been obvious to one of ordinary skill in 
the art at the time the invention was made to modify the system for making a purchase 
transaction of Hodgson et al. to include displaying a PIN pad screen as taught by King 
in order to allow for secure entry of PIN number. For example, entry of PIN number by 
keyboard is susceptible to keystroke logging. 

As per claim 2, Hodgson et al. discloses that the unique session is under 
Secure Sockets Layer (SSL) technology (page 6, paragraph 0076, via message 
encrypted with 128bit SSL). 

As per claim 3, Hodgson et al. discloses that a link between said Internet 
authorization server and said Internet payments server is a secure link (page 10, 
paragraph 152, via secure connections). 

As per claim 5, Hodgson et al. discloses a method for making a purchase 
transaction by PIN purchasing over the Internet, said method comprising the steps of 
(see Abstract): 
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a buyer proceeding to a merchant's checkout page on a merchant server from a 
buyer's browser to make a purchase (page 3, paragraph 0035; via Internet merchant 
server 20 and a merchant web site is browsed by a user who initiates a secure payment 
transaction); 

said buyer selecting PIN Purchase as a payment method and entering an 
associated debit card number (Figure 6; page 7, paragraph 0092; via choosing credit or 
debit and manual entry of a credit card number); 

said merchant server re-directing said buyer's browser to an Internet 
authorization server and passing a unique transaction id coupled to said transaction 
(page 3, paragraphs 0028-0029, via transmitting FP block to Secure Transaction 
Management Server, STMS; page 8, paragraph 0108, via merchant/consumer tracking 
number assigned to track consumer's order); 

said Internet authorization server using a unique session key (page 7, paragraph 
0100, via Data Encryption session key); 

said buyer entering said PIN using an input device (input device 1114); 

encrypting said PIN using said unique session key (page 7, paragraph 0100, via 
RSA public key encryption with DES session key); 

said Internet authorization server passing said encrypted PIN to a host secure 
module, wherein said host secure module generates an associated encrypted ANSI PIN 
block (Figure 1 ; page 3, paragraphs 0026-0030; via Hardware Security Module 
deencrypts and reencrypts the PIN block); 
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said Internet authorization server returning control of said buyer's browser to said 
merchant server along with said unique transaction id (page 6, paragraphs 0084-0085, 
via "AUTH" response sent to consumer's PC; page 8, paragraph 0108, via 
merchant/consumer tracking number); 

said merchant server creating a payment request based on contents of said 
shopping cart and said payment method, wherein said merchant server sends said 
payment request to an Internet payments server (page 3, paragraph 0033, via after the 
consumer has filled their shopping cart, a secure payment is initiated and a script is sent 
from the merchant web site to the consumer's browser; page 6, paragraph 0076, via 
message is transmitted to STMS); 

said Internet payments server determining a payment type and formatting a 
payment authorization request (page 3, paragraphs 0028-0029, via FP block containing 
transaction information is sent to STMS, where a transaction request is sent to the 
payment processor); 

said payment authorization request routing to an ATM/POS system, wherein said 
ATM/POS system takes said encrypted ANSI PIN block and routes it through a second 
host secure module to be decrypted and translated to an acquiring financial institution's 
encrypted PIN data (page 5, paragraph 0061, via STMS forwards payment transaction 
to a POS transaction processor that has an HSM which can decrypt data sent by the 
HSM attached to the STMS); 

if said transaction is on-us, then said ATM/POS system validating said PIN and 
passing an associated transaction amount to a data deposit account system for 
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authorization (Figure 12; via connections to STAR 1240 and NYCE 1250, which are 
ATM groups); 

if said transaction is off-us, then said authorization request routing to a network 
for routing to an issuing financial institution of said buyer (Figure 12; via connections to 
VISA 1220 and Mastercard 1230, which connects to issuing bank); 

passing back to said ATM/POS system an authorization approval or denial, 
wherein said authorization approval or denial is routed to said Internet payments server 
and finally back to said merchant server (page 6, paragraph 0081 , via POS processor 
obtains "AUTH" response from issuing bank and passes it to the STMS). 

However, Hodgson et al. fails to expressly disclose displaying a secure PIN pad 
screen. 

King teaches a method and system for making purchases over a computer 
network that displays a secure PIN pad screen (Figure 3; col. 5, lines 30-40, via GUI 
allows consumer to use mouse to input PIN number). 

From this teaching of King, it would have been obvious to one of ordinary skill in 
the art at the time the invention was made to modify the method for making a purchase 
transaction of Hodgson et al. to include displaying a PIN pad screen as taught by King 
in order to allow for secure entry of PIN number. For example, entry of PIN number by 
keyboard is susceptible to keystroke logging. 

As per claim 6, Hodgson et al. discloses that the unique session is under 
Secure Sockets Layer (SSL) technology (page 6, paragraph 0076, via message 
encrypted with 128bit SSL). 
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As per claim 7, Hodgson et al. discloses that a link between said Internet 
authorization server and said Internet payments server is a secure link (page 10, 
paragraph 152, via secure connections). 

As per claim 9, Hodgson et al. discloses a method for making a purchase 
transaction over a network (Abstract), the method comprising: 

receiving a request from a buyer to use PIN Purchase as a payment method 
(Figure 6; page 7, paragraph 0092; via choosing credit or debit); 

receiving an encrypted PIN from the buyer (page 3, paragraph 0026, via 
encryption automatically taking place after entering the PIN). 

However, Hodgson et al. fails to expressly disclose sending instructions to the 
buyer's computer to display a secure PIN pad screen, the secure PIN pad screen being 
displayed by a browser running on the buyer's computer, the secure PIN pad being 
programmed to allow the buyer to enter the buyer's PIN. 

King teaches a method and system for making purchases over a computer 
network with a secure PIN pad screen being displayed by a browser running on the 
buyer's computer, the secure PIN pad being programmed to allow the buyer to enter the 
buyer's PIN (Figure 3; col. 5, lines 30-40, via GUI allows consumer to use mouse to 
input PIN number). 

From this teaching of King, it would have been obvious to one of ordinary skill in 
the art at the time the invention was made to modify the method for making a purchase 
transaction of Hodgson et al. to include the PIN pad screen as taught by King in order to 
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allow for secure entry of PIN number. For example, entry of PIN number by keyboard is 
susceptible to keystroke logging. 

As per claim 10, Hodgson et al. discloses re-directing the buyer's browser to an 
Internet authorization server when the request to use PIN Purchase as a payment 
method is received (Figure 1 ; page 3, paragraphs 0028-0029, via transmitting FP block 
to Secure Transaction Management Server, STMS). 

As per claim 11, Hodgson et al. discloses passing the encrypted PIN to a host 
secure module that generates an associated encrypted ANSI PIN block (Figure 1 ; page 

3, paragraphs 0026-0030; via Hardware Security Module deencrypts and reencrypts the 
PIN block). 

As per claim 12, Hodgson et al. discloses receiving an associated debit card 
number (page 3, paragraph 0028, via placing card information in the FP block that is 
transmitted to the STMS for further processing). 

Response to Arguments 

4. Applicant's arguments, see pages 7-8, filed 3/19/2008, with respect to the 
rejection(s) of claim(s) 1-3 and 5-7 under 35 USC 102(b) have been fully considered 
and are persuasive. Therefore, the rejection has been withdrawn. However, upon 
further consideration, a new ground(s) of rejection is made in view of King (7,249,093). 
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Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Fernando et al. (2004/0024710) discloses a transaction device with a display 
screen for entering a PIN on a virtual keypad. 

Flitcroft et al. (2003/0028481 ) discloses a credit card system and method. 

Lazzaro et al. (2003/0182558) discloses a dynamic pin pad for debit electronic 
transactions. 

Walter (7,383,213) discloses an apparatus and method for maintaining children's 
automated bank account. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ALAN LIU whose telephone number is (571)270-5113. 
The examiner can normally be reached on Monday through Thursday, 8:30AM-6:00PM 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Alexander Kalinowski can be reached on 571-272-6771 . The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Alexander Kalinowski/ 
Supervisory Patent Examiner, Art 
Unit 3691 

AL 



